| /* gspawn.c - Process launching |
| * |
| * Copyright 2000 Red Hat, Inc. |
| * g_execvpe implementation based on GNU libc execvp: |
| * Copyright 1991, 92, 95, 96, 97, 98, 99 Free Software Foundation, Inc. |
| * |
| * SPDX-License-Identifier: LGPL-2.1-or-later |
| * |
| * This library is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU Lesser General Public |
| * License as published by the Free Software Foundation; either |
| * version 2.1 of the License, or (at your option) any later version. |
| * |
| * This library is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * Lesser General Public License for more details. |
| * |
| * You should have received a copy of the GNU Lesser General Public License |
| * along with this library; if not, see <http://www.gnu.org/licenses/>. |
| */ |
| |
| #include "config.h" |
| |
| #include <sys/time.h> |
| #include <sys/types.h> |
| #include <sys/wait.h> |
| #include <unistd.h> |
| #include <errno.h> |
| #include <fcntl.h> |
| #include <signal.h> |
| #include <string.h> |
| #include <stdlib.h> /* for fdwalk */ |
| #include <dirent.h> |
| #include <unistd.h> |
| |
| #ifdef HAVE_SPAWN_H |
| #include <spawn.h> |
| #endif /* HAVE_SPAWN_H */ |
| |
| #ifdef HAVE_CRT_EXTERNS_H |
| #include <crt_externs.h> /* for _NSGetEnviron */ |
| #endif |
| |
| #ifdef HAVE_SYS_SELECT_H |
| #include <sys/select.h> |
| #endif /* HAVE_SYS_SELECT_H */ |
| |
| #ifdef HAVE_SYS_RESOURCE_H |
| #include <sys/resource.h> |
| #endif /* HAVE_SYS_RESOURCE_H */ |
| |
| #if defined(__linux__) || defined(__DragonFly__) |
| #include <sys/syscall.h> /* for syscall and SYS_getdents64 */ |
| #endif |
| |
| #include "gspawn.h" |
| #include "gspawn-private.h" |
| #include "gthread.h" |
| #include "gtrace-private.h" |
| #include "glib/gstdio.h" |
| |
| #include "genviron.h" |
| #include "gmem.h" |
| #include "gshell.h" |
| #include "gstring.h" |
| #include "gstrfuncs.h" |
| #include "gtestutils.h" |
| #include "gutils.h" |
| #include "glibintl.h" |
| #include "glib-unix.h" |
| |
| #if defined(__APPLE__) && defined(HAVE_LIBPROC_H) |
| #include <libproc.h> |
| #include <sys/proc_info.h> |
| #endif |
| |
| #define INHERITS_OR_NULL_STDIN (G_SPAWN_STDIN_FROM_DEV_NULL | G_SPAWN_CHILD_INHERITS_STDIN) |
| #define INHERITS_OR_NULL_STDOUT (G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_CHILD_INHERITS_STDOUT) |
| #define INHERITS_OR_NULL_STDERR (G_SPAWN_STDERR_TO_DEV_NULL | G_SPAWN_CHILD_INHERITS_STDERR) |
| |
| #define IS_STD_FILENO(_fd) ((_fd >= STDIN_FILENO) && (_fd <= STDERR_FILENO)) |
| #define IS_VALID_FILENO(_fd) (_fd >= 0) |
| |
| /* posix_spawn() is assumed the fastest way to spawn, but glibc's |
| * implementation was buggy before glibc 2.24, so avoid it on old versions. |
| */ |
| #ifdef HAVE_POSIX_SPAWN |
| #ifdef __GLIBC__ |
| |
| #if __GLIBC_PREREQ(2,24) |
| #define POSIX_SPAWN_AVAILABLE |
| #endif |
| |
| #else /* !__GLIBC__ */ |
| /* Assume that all non-glibc posix_spawn implementations are fine. */ |
| #define POSIX_SPAWN_AVAILABLE |
| #endif /* __GLIBC__ */ |
| #endif /* HAVE_POSIX_SPAWN */ |
| |
| #ifdef HAVE__NSGETENVIRON |
| #define environ (*_NSGetEnviron()) |
| #else |
| extern char **environ; |
| #endif |
| |
| #ifndef O_CLOEXEC |
| #define O_CLOEXEC 0 |
| #else |
| #define HAVE_O_CLOEXEC 1 |
| #endif |
| |
| static gint g_execute (const gchar *file, |
| gchar **argv, |
| gchar **argv_buffer, |
| gsize argv_buffer_len, |
| gchar **envp, |
| const gchar *search_path, |
| gchar *search_path_buffer, |
| gsize search_path_buffer_len); |
| |
| static gboolean fork_exec (gboolean intermediate_child, |
| const gchar *working_directory, |
| const gchar * const *argv, |
| const gchar * const *envp, |
| gboolean close_descriptors, |
| gboolean search_path, |
| gboolean search_path_from_envp, |
| gboolean stdout_to_null, |
| gboolean stderr_to_null, |
| gboolean child_inherits_stdin, |
| gboolean file_and_argv_zero, |
| gboolean cloexec_pipes, |
| GSpawnChildSetupFunc child_setup, |
| gpointer user_data, |
| GPid *child_pid, |
| gint *stdin_pipe_out, |
| gint *stdout_pipe_out, |
| gint *stderr_pipe_out, |
| gint stdin_fd, |
| gint stdout_fd, |
| gint stderr_fd, |
| const gint *source_fds, |
| const gint *target_fds, |
| gsize n_fds, |
| GError **error); |
| |
| G_DEFINE_QUARK (g-exec-error-quark, g_spawn_error) |
| G_DEFINE_QUARK (g-spawn-exit-error-quark, g_spawn_exit_error) |
| |
| /** |
| * g_spawn_async: |
| * @working_directory: (type filename) (nullable): child's current working |
| * directory, or %NULL to inherit parent's |
| * @argv: (array zero-terminated=1) (element-type filename): |
| * child's argument vector |
| * @envp: (array zero-terminated=1) (element-type filename) (nullable): |
| * child's environment, or %NULL to inherit parent's |
| * @flags: flags from #GSpawnFlags |
| * @child_setup: (scope async) (closure user_data) (nullable): function to run |
| * in the child just before `exec()` |
| * @user_data: user data for @child_setup |
| * @child_pid: (out) (optional): return location for child process reference, or %NULL |
| * @error: return location for error |
| * |
| * Executes a child program asynchronously. |
| * |
| * See g_spawn_async_with_pipes() for a full description; this function |
| * simply calls the g_spawn_async_with_pipes() without any pipes. |
| * |
| * You should call g_spawn_close_pid() on the returned child process |
| * reference when you don't need it any more. |
| * |
| * If you are writing a GTK application, and the program you are spawning is a |
| * graphical application too, then to ensure that the spawned program opens its |
| * windows on the right screen, you may want to use #GdkAppLaunchContext, |
| * #GAppLaunchContext, or set the %DISPLAY environment variable. |
| * |
| * Note that the returned @child_pid on Windows is a handle to the child |
| * process and not its identifier. Process handles and process identifiers |
| * are different concepts on Windows. |
| * |
| * Returns: %TRUE on success, %FALSE if error is set |
| **/ |
| gboolean |
| g_spawn_async (const gchar *working_directory, |
| gchar **argv, |
| gchar **envp, |
| GSpawnFlags flags, |
| GSpawnChildSetupFunc child_setup, |
| gpointer user_data, |
| GPid *child_pid, |
| GError **error) |
| { |
| return g_spawn_async_with_pipes (working_directory, |
| argv, envp, |
| flags, |
| child_setup, |
| user_data, |
| child_pid, |
| NULL, NULL, NULL, |
| error); |
| } |
| |
| /* Some versions of OS X define READ_OK in public headers */ |
| #undef READ_OK |
| |
| typedef enum |
| { |
| READ_FAILED = 0, /* FALSE */ |
| READ_OK, |
| READ_EOF |
| } ReadResult; |
| |
| static ReadResult |
| read_data (GString *str, |
| gint fd, |
| GError **error) |
| { |
| gssize bytes; |
| gchar buf[4096]; |
| |
| again: |
| bytes = read (fd, buf, 4096); |
| |
| if (bytes == 0) |
| return READ_EOF; |
| else if (bytes > 0) |
| { |
| g_string_append_len (str, buf, bytes); |
| return READ_OK; |
| } |
| else if (errno == EINTR) |
| goto again; |
| else |
| { |
| int errsv = errno; |
| |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_READ, |
| _("Failed to read data from child process (%s)"), |
| g_strerror (errsv)); |
| |
| return READ_FAILED; |
| } |
| } |
| |
| /** |
| * g_spawn_sync: |
| * @working_directory: (type filename) (nullable): child's current working |
| * directory, or %NULL to inherit parent's |
| * @argv: (array zero-terminated=1) (element-type filename): |
| * child's argument vector, which must be non-empty and %NULL-terminated |
| * @envp: (array zero-terminated=1) (element-type filename) (nullable): |
| * child's environment, or %NULL to inherit parent's |
| * @flags: flags from #GSpawnFlags |
| * @child_setup: (scope call) (closure user_data) (nullable): function to run |
| * in the child just before `exec()` |
| * @user_data: user data for @child_setup |
| * @standard_output: (out) (array zero-terminated=1) (element-type guint8) (optional): return location for child output, or %NULL |
| * @standard_error: (out) (array zero-terminated=1) (element-type guint8) (optional): return location for child error messages, or %NULL |
| * @wait_status: (out) (optional): return location for child wait status, as returned by waitpid(), or %NULL |
| * @error: return location for error, or %NULL |
| * |
| * Executes a child synchronously (waits for the child to exit before returning). |
| * |
| * All output from the child is stored in @standard_output and @standard_error, |
| * if those parameters are non-%NULL. Note that you must set the |
| * %G_SPAWN_STDOUT_TO_DEV_NULL and %G_SPAWN_STDERR_TO_DEV_NULL flags when |
| * passing %NULL for @standard_output and @standard_error. |
| * |
| * If @wait_status is non-%NULL, the platform-specific status of |
| * the child is stored there; see the documentation of |
| * g_spawn_check_wait_status() for how to use and interpret this. |
| * On Unix platforms, note that it is usually not equal |
| * to the integer passed to `exit()` or returned from `main()`. |
| * |
| * Note that it is invalid to pass %G_SPAWN_DO_NOT_REAP_CHILD in |
| * @flags, and on POSIX platforms, the same restrictions as for |
| * g_child_watch_source_new() apply. |
| * |
| * If an error occurs, no data is returned in @standard_output, |
| * @standard_error, or @wait_status. |
| * |
| * This function calls g_spawn_async_with_pipes() internally; see that |
| * function for full details on the other parameters and details on |
| * how these functions work on Windows. |
| * |
| * Returns: %TRUE on success, %FALSE if an error was set |
| */ |
| gboolean |
| g_spawn_sync (const gchar *working_directory, |
| gchar **argv, |
| gchar **envp, |
| GSpawnFlags flags, |
| GSpawnChildSetupFunc child_setup, |
| gpointer user_data, |
| gchar **standard_output, |
| gchar **standard_error, |
| gint *wait_status, |
| GError **error) |
| { |
| gint outpipe = -1; |
| gint errpipe = -1; |
| GPid pid; |
| gint ret; |
| GString *outstr = NULL; |
| GString *errstr = NULL; |
| gboolean failed; |
| gint status; |
| |
| g_return_val_if_fail (argv != NULL, FALSE); |
| g_return_val_if_fail (argv[0] != NULL, FALSE); |
| g_return_val_if_fail (!(flags & G_SPAWN_DO_NOT_REAP_CHILD), FALSE); |
| g_return_val_if_fail (standard_output == NULL || |
| !(flags & G_SPAWN_STDOUT_TO_DEV_NULL), FALSE); |
| g_return_val_if_fail (standard_error == NULL || |
| !(flags & G_SPAWN_STDERR_TO_DEV_NULL), FALSE); |
| |
| /* Just to ensure segfaults if callers try to use |
| * these when an error is reported. |
| */ |
| if (standard_output) |
| *standard_output = NULL; |
| |
| if (standard_error) |
| *standard_error = NULL; |
| |
| if (!fork_exec (FALSE, |
| working_directory, |
| (const gchar * const *) argv, |
| (const gchar * const *) envp, |
| !(flags & G_SPAWN_LEAVE_DESCRIPTORS_OPEN), |
| (flags & G_SPAWN_SEARCH_PATH) != 0, |
| (flags & G_SPAWN_SEARCH_PATH_FROM_ENVP) != 0, |
| (flags & G_SPAWN_STDOUT_TO_DEV_NULL) != 0, |
| (flags & G_SPAWN_STDERR_TO_DEV_NULL) != 0, |
| (flags & G_SPAWN_CHILD_INHERITS_STDIN) != 0, |
| (flags & G_SPAWN_FILE_AND_ARGV_ZERO) != 0, |
| (flags & G_SPAWN_CLOEXEC_PIPES) != 0, |
| child_setup, |
| user_data, |
| &pid, |
| NULL, |
| standard_output ? &outpipe : NULL, |
| standard_error ? &errpipe : NULL, |
| -1, -1, -1, |
| NULL, NULL, 0, |
| error)) |
| return FALSE; |
| |
| /* Read data from child. */ |
| |
| failed = FALSE; |
| |
| if (outpipe >= 0) |
| { |
| outstr = g_string_new (NULL); |
| } |
| |
| if (errpipe >= 0) |
| { |
| errstr = g_string_new (NULL); |
| } |
| |
| /* Read data until we get EOF on both pipes. */ |
| while (!failed && |
| (outpipe >= 0 || |
| errpipe >= 0)) |
| { |
| /* Any negative FD in the array is ignored, so we can use a fixed length. |
| * We can use UNIX FDs here without worrying about Windows HANDLEs because |
| * the Windows implementation is entirely in gspawn-win32.c. */ |
| GPollFD fds[] = |
| { |
| { outpipe, G_IO_IN | G_IO_HUP | G_IO_ERR, 0 }, |
| { errpipe, G_IO_IN | G_IO_HUP | G_IO_ERR, 0 }, |
| }; |
| |
| ret = g_poll (fds, G_N_ELEMENTS (fds), -1 /* no timeout */); |
| |
| if (ret < 0) |
| { |
| int errsv = errno; |
| |
| if (errno == EINTR) |
| continue; |
| |
| failed = TRUE; |
| |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_READ, |
| _("Unexpected error in reading data from a child process (%s)"), |
| g_strerror (errsv)); |
| |
| break; |
| } |
| |
| if (outpipe >= 0 && fds[0].revents != 0) |
| { |
| switch (read_data (outstr, outpipe, error)) |
| { |
| case READ_FAILED: |
| failed = TRUE; |
| break; |
| case READ_EOF: |
| g_clear_fd (&outpipe, NULL); |
| break; |
| default: |
| break; |
| } |
| |
| if (failed) |
| break; |
| } |
| |
| if (errpipe >= 0 && fds[1].revents != 0) |
| { |
| switch (read_data (errstr, errpipe, error)) |
| { |
| case READ_FAILED: |
| failed = TRUE; |
| break; |
| case READ_EOF: |
| g_clear_fd (&errpipe, NULL); |
| break; |
| default: |
| break; |
| } |
| |
| if (failed) |
| break; |
| } |
| } |
| |
| /* These should only be open still if we had an error. */ |
| g_clear_fd (&outpipe, NULL); |
| g_clear_fd (&errpipe, NULL); |
| |
| /* Wait for child to exit, even if we have |
| * an error pending. |
| */ |
| again: |
| |
| ret = waitpid (pid, &status, 0); |
| |
| if (ret < 0) |
| { |
| if (errno == EINTR) |
| goto again; |
| else if (errno == ECHILD) |
| { |
| if (wait_status) |
| { |
| g_warning ("In call to g_spawn_sync(), wait status of a child process was requested but ECHILD was received by waitpid(). See the documentation of g_child_watch_source_new() for possible causes."); |
| } |
| else |
| { |
| /* We don't need the wait status. */ |
| } |
| } |
| else |
| { |
| if (!failed) /* avoid error pileups */ |
| { |
| int errsv = errno; |
| |
| failed = TRUE; |
| |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_READ, |
| _("Unexpected error in waitpid() (%s)"), |
| g_strerror (errsv)); |
| } |
| } |
| } |
| |
| if (failed) |
| { |
| if (outstr) |
| g_string_free (outstr, TRUE); |
| if (errstr) |
| g_string_free (errstr, TRUE); |
| |
| return FALSE; |
| } |
| else |
| { |
| if (wait_status) |
| *wait_status = status; |
| |
| if (standard_output) |
| *standard_output = g_string_free (outstr, FALSE); |
| |
| if (standard_error) |
| *standard_error = g_string_free (errstr, FALSE); |
| |
| return TRUE; |
| } |
| } |
| |
| /** |
| * g_spawn_async_with_pipes: |
| * @working_directory: (type filename) (nullable): child's current working |
| * directory, or %NULL to inherit parent's, in the GLib file name encoding |
| * @argv: (array zero-terminated=1) (element-type filename): child's argument |
| * vector, in the GLib file name encoding; it must be non-empty and %NULL-terminated |
| * @envp: (array zero-terminated=1) (element-type filename) (nullable): |
| * child's environment, or %NULL to inherit parent's, in the GLib file |
| * name encoding |
| * @flags: flags from #GSpawnFlags |
| * @child_setup: (scope async) (closure user_data) (nullable): function to run |
| * in the child just before `exec()` |
| * @user_data: user data for @child_setup |
| * @child_pid: (out) (optional): return location for child process ID, or %NULL |
| * @standard_input: (out) (optional): return location for file descriptor to write to child's stdin, or %NULL |
| * @standard_output: (out) (optional): return location for file descriptor to read child's stdout, or %NULL |
| * @standard_error: (out) (optional): return location for file descriptor to read child's stderr, or %NULL |
| * @error: return location for error |
| * |
| * Identical to g_spawn_async_with_pipes_and_fds() but with `n_fds` set to zero, |
| * so no FD assignments are used. |
| * |
| * Returns: %TRUE on success, %FALSE if an error was set |
| */ |
| gboolean |
| g_spawn_async_with_pipes (const gchar *working_directory, |
| gchar **argv, |
| gchar **envp, |
| GSpawnFlags flags, |
| GSpawnChildSetupFunc child_setup, |
| gpointer user_data, |
| GPid *child_pid, |
| gint *standard_input, |
| gint *standard_output, |
| gint *standard_error, |
| GError **error) |
| { |
| return g_spawn_async_with_pipes_and_fds (working_directory, |
| (const gchar * const *) argv, |
| (const gchar * const *) envp, |
| flags, |
| child_setup, user_data, |
| -1, -1, -1, |
| NULL, NULL, 0, |
| child_pid, |
| standard_input, |
| standard_output, |
| standard_error, |
| error); |
| } |
| |
| /** |
| * g_spawn_async_with_pipes_and_fds: |
| * @working_directory: (type filename) (nullable): child's current working |
| * directory, or %NULL to inherit parent's, in the GLib file name encoding |
| * @argv: (array zero-terminated=1) (element-type filename): child's argument |
| * vector, in the GLib file name encoding; it must be non-empty and %NULL-terminated |
| * @envp: (array zero-terminated=1) (element-type filename) (nullable): |
| * child's environment, or %NULL to inherit parent's, in the GLib file |
| * name encoding |
| * @flags: flags from #GSpawnFlags |
| * @child_setup: (scope async) (closure user_data) (nullable): function to run |
| * in the child just before `exec()` |
| * @user_data: user data for @child_setup |
| * @stdin_fd: file descriptor to use for child's stdin, or `-1` |
| * @stdout_fd: file descriptor to use for child's stdout, or `-1` |
| * @stderr_fd: file descriptor to use for child's stderr, or `-1` |
| * @source_fds: (array length=n_fds) (nullable): array of FDs from the parent |
| * process to make available in the child process |
| * @target_fds: (array length=n_fds) (nullable): array of FDs to remap |
| * @source_fds to in the child process |
| * @n_fds: number of FDs in @source_fds and @target_fds |
| * @child_pid_out: (out) (optional): return location for child process ID, or %NULL |
| * @stdin_pipe_out: (out) (optional): return location for file descriptor to write to child's stdin, or %NULL |
| * @stdout_pipe_out: (out) (optional): return location for file descriptor to read child's stdout, or %NULL |
| * @stderr_pipe_out: (out) (optional): return location for file descriptor to read child's stderr, or %NULL |
| * @error: return location for error |
| * |
| * Executes a child program asynchronously (your program will not |
| * block waiting for the child to exit). |
| * |
| * The child program is specified by the only argument that must be |
| * provided, @argv. @argv should be a %NULL-terminated array of strings, |
| * to be passed as the argument vector for the child. The first string |
| * in @argv is of course the name of the program to execute. By default, |
| * the name of the program must be a full path. If @flags contains the |
| * %G_SPAWN_SEARCH_PATH flag, the `PATH` environment variable is used to |
| * search for the executable. If @flags contains the |
| * %G_SPAWN_SEARCH_PATH_FROM_ENVP flag, the `PATH` variable from @envp |
| * is used to search for the executable. If both the |
| * %G_SPAWN_SEARCH_PATH and %G_SPAWN_SEARCH_PATH_FROM_ENVP flags are |
| * set, the `PATH` variable from @envp takes precedence over the |
| * environment variable. |
| * |
| * If the program name is not a full path and %G_SPAWN_SEARCH_PATH flag |
| * is not used, then the program will be run from the current directory |
| * (or @working_directory, if specified); this might be unexpected or even |
| * dangerous in some cases when the current directory is world-writable. |
| * |
| * On Windows, note that all the string or string vector arguments to |
| * this function and the other `g_spawn*()` functions are in UTF-8, the |
| * GLib file name encoding. Unicode characters that are not part of |
| * the system codepage passed in these arguments will be correctly |
| * available in the spawned program only if it uses wide character API |
| * to retrieve its command line. For C programs built with Microsoft's |
| * tools it is enough to make the program have a `wmain()` instead of |
| * `main()`. `wmain()` has a wide character argument vector as parameter. |
| * |
| * At least currently, mingw doesn't support `wmain()`, so if you use |
| * mingw to develop the spawned program, it should call |
| * g_win32_get_command_line() to get arguments in UTF-8. |
| * |
| * On Windows the low-level child process creation API `CreateProcess()` |
| * doesn't use argument vectors, but a command line. The C runtime |
| * library's `spawn*()` family of functions (which g_spawn_async_with_pipes() |
| * eventually calls) paste the argument vector elements together into |
| * a command line, and the C runtime startup code does a corresponding |
| * reconstruction of an argument vector from the command line, to be |
| * passed to `main()`. Complications arise when you have argument vector |
| * elements that contain spaces or double quotes. The `spawn*()` functions |
| * don't do any quoting or escaping, but on the other hand the startup |
| * code does do unquoting and unescaping in order to enable receiving |
| * arguments with embedded spaces or double quotes. To work around this |
| * asymmetry, g_spawn_async_with_pipes() will do quoting and escaping on |
| * argument vector elements that need it before calling the C runtime |
| * `spawn()` function. |
| * |
| * The returned @child_pid on Windows is a handle to the child |
| * process, not its identifier. Process handles and process |
| * identifiers are different concepts on Windows. |
| * |
| * @envp is a %NULL-terminated array of strings, where each string |
| * has the form `KEY=VALUE`. This will become the child's environment. |
| * If @envp is %NULL, the child inherits its parent's environment. |
| * |
| * @flags should be the bitwise OR of any flags you want to affect the |
| * function's behaviour. The %G_SPAWN_DO_NOT_REAP_CHILD means that the |
| * child will not automatically be reaped; you must use a child watch |
| * (g_child_watch_add()) to be notified about the death of the child process, |
| * otherwise it will stay around as a zombie process until this process exits. |
| * Eventually you must call g_spawn_close_pid() on the @child_pid, in order to |
| * free resources which may be associated with the child process. (On Unix, |
| * using a child watch is equivalent to calling waitpid() or handling |
| * the `SIGCHLD` signal manually. On Windows, calling g_spawn_close_pid() |
| * is equivalent to calling `CloseHandle()` on the process handle returned |
| * in @child_pid). See g_child_watch_add(). |
| * |
| * Open UNIX file descriptors marked as `FD_CLOEXEC` will be automatically |
| * closed in the child process. %G_SPAWN_LEAVE_DESCRIPTORS_OPEN means that |
| * other open file descriptors will be inherited by the child; otherwise all |
| * descriptors except stdin/stdout/stderr will be closed before calling `exec()` |
| * in the child. %G_SPAWN_SEARCH_PATH means that @argv[0] need not be an |
| * absolute path, it will be looked for in the `PATH` environment |
| * variable. %G_SPAWN_SEARCH_PATH_FROM_ENVP means need not be an |
| * absolute path, it will be looked for in the `PATH` variable from |
| * @envp. If both %G_SPAWN_SEARCH_PATH and %G_SPAWN_SEARCH_PATH_FROM_ENVP |
| * are used, the value from @envp takes precedence over the environment. |
| * |
| * %G_SPAWN_CHILD_INHERITS_STDIN means that the child will inherit the parent's |
| * standard input (by default, the child's standard input is attached to |
| * `/dev/null`). %G_SPAWN_STDIN_FROM_DEV_NULL explicitly imposes the default |
| * behavior. Both flags cannot be enabled at the same time and, in both cases, |
| * the @stdin_pipe_out argument is ignored. |
| * |
| * %G_SPAWN_STDOUT_TO_DEV_NULL means that the child's standard output |
| * will be discarded (by default, it goes to the same location as the parent's |
| * standard output). %G_SPAWN_CHILD_INHERITS_STDOUT explicitly imposes the |
| * default behavior. Both flags cannot be enabled at the same time and, in |
| * both cases, the @stdout_pipe_out argument is ignored. |
| * |
| * %G_SPAWN_STDERR_TO_DEV_NULL means that the child's standard error |
| * will be discarded (by default, it goes to the same location as the parent's |
| * standard error). %G_SPAWN_CHILD_INHERITS_STDERR explicitly imposes the |
| * default behavior. Both flags cannot be enabled at the same time and, in |
| * both cases, the @stderr_pipe_out argument is ignored. |
| * |
| * It is valid to pass the same FD in multiple parameters (e.g. you can pass |
| * a single FD for both @stdout_fd and @stderr_fd, and include it in |
| * @source_fds too). |
| * |
| * @source_fds and @target_fds allow zero or more FDs from this process to be |
| * remapped to different FDs in the spawned process. If @n_fds is greater than |
| * zero, @source_fds and @target_fds must both be non-%NULL and the same length. |
| * Each FD in @source_fds is remapped to the FD number at the same index in |
| * @target_fds. The source and target FD may be equal to simply propagate an FD |
| * to the spawned process. FD remappings are processed after standard FDs, so |
| * any target FDs which equal @stdin_fd, @stdout_fd or @stderr_fd will overwrite |
| * them in the spawned process. |
| * |
| * @source_fds is supported on Windows since 2.72. |
| * |
| * %G_SPAWN_FILE_AND_ARGV_ZERO means that the first element of @argv is |
| * the file to execute, while the remaining elements are the actual |
| * argument vector to pass to the file. Normally g_spawn_async_with_pipes() |
| * uses @argv[0] as the file to execute, and passes all of @argv to the child. |
| * |
| * @child_setup and @user_data are a function and user data. On POSIX |
| * platforms, the function is called in the child after GLib has |
| * performed all the setup it plans to perform (including creating |
| * pipes, closing file descriptors, etc.) but before calling `exec()`. |
| * That is, @child_setup is called just before calling `exec()` in the |
| * child. Obviously actions taken in this function will only affect |
| * the child, not the parent. |
| * |
| * On Windows, there is no separate `fork()` and `exec()` functionality. |
| * Child processes are created and run with a single API call, |
| * `CreateProcess()`. There is no sensible thing @child_setup |
| * could be used for on Windows so it is ignored and not called. |
| * |
| * If non-%NULL, @child_pid will on Unix be filled with the child's |
| * process ID. You can use the process ID to send signals to the child, |
| * or to use g_child_watch_add() (or `waitpid()`) if you specified the |
| * %G_SPAWN_DO_NOT_REAP_CHILD flag. On Windows, @child_pid will be |
| * filled with a handle to the child process only if you specified the |
| * %G_SPAWN_DO_NOT_REAP_CHILD flag. You can then access the child |
| * process using the Win32 API, for example wait for its termination |
| * with the `WaitFor*()` functions, or examine its exit code with |
| * `GetExitCodeProcess()`. You should close the handle with `CloseHandle()` |
| * or g_spawn_close_pid() when you no longer need it. |
| * |
| * If non-%NULL, the @stdin_pipe_out, @stdout_pipe_out, @stderr_pipe_out |
| * locations will be filled with file descriptors for writing to the child's |
| * standard input or reading from its standard output or standard error. |
| * The caller of g_spawn_async_with_pipes() must close these file descriptors |
| * when they are no longer in use. If these parameters are %NULL, the |
| * corresponding pipe won't be created. |
| * |
| * If @stdin_pipe_out is %NULL, the child's standard input is attached to |
| * `/dev/null` unless %G_SPAWN_CHILD_INHERITS_STDIN is set. |
| * |
| * If @stderr_pipe_out is NULL, the child's standard error goes to the same |
| * location as the parent's standard error unless %G_SPAWN_STDERR_TO_DEV_NULL |
| * is set. |
| * |
| * If @stdout_pipe_out is NULL, the child's standard output goes to the same |
| * location as the parent's standard output unless %G_SPAWN_STDOUT_TO_DEV_NULL |
| * is set. |
| * |
| * @error can be %NULL to ignore errors, or non-%NULL to report errors. |
| * If an error is set, the function returns %FALSE. Errors are reported |
| * even if they occur in the child (for example if the executable in |
| * `@argv[0]` is not found). Typically the `message` field of returned |
| * errors should be displayed to users. Possible errors are those from |
| * the %G_SPAWN_ERROR domain. |
| * |
| * If an error occurs, @child_pid, @stdin_pipe_out, @stdout_pipe_out, |
| * and @stderr_pipe_out will not be filled with valid values. |
| * |
| * If @child_pid is not %NULL and an error does not occur then the returned |
| * process reference must be closed using g_spawn_close_pid(). |
| * |
| * On modern UNIX platforms, GLib can use an efficient process launching |
| * codepath driven internally by `posix_spawn()`. This has the advantage of |
| * avoiding the fork-time performance costs of cloning the parent process |
| * address space, and avoiding associated memory overcommit checks that are |
| * not relevant in the context of immediately executing a distinct process. |
| * This optimized codepath will be used provided that the following conditions |
| * are met: |
| * |
| * 1. %G_SPAWN_DO_NOT_REAP_CHILD is set |
| * 2. %G_SPAWN_LEAVE_DESCRIPTORS_OPEN is set |
| * 3. %G_SPAWN_SEARCH_PATH_FROM_ENVP is not set |
| * 4. @working_directory is %NULL |
| * 5. @child_setup is %NULL |
| * 6. The program is of a recognised binary format, or has a shebang. |
| * Otherwise, GLib will have to execute the program through the |
| * shell, which is not done using the optimized codepath. |
| * |
| * If you are writing a GTK application, and the program you are spawning is a |
| * graphical application too, then to ensure that the spawned program opens its |
| * windows on the right screen, you may want to use #GdkAppLaunchContext, |
| * #GAppLaunchContext, or set the `DISPLAY` environment variable. |
| * |
| * Returns: %TRUE on success, %FALSE if an error was set |
| * |
| * Since: 2.68 |
| */ |
| gboolean |
| g_spawn_async_with_pipes_and_fds (const gchar *working_directory, |
| const gchar * const *argv, |
| const gchar * const *envp, |
| GSpawnFlags flags, |
| GSpawnChildSetupFunc child_setup, |
| gpointer user_data, |
| gint stdin_fd, |
| gint stdout_fd, |
| gint stderr_fd, |
| const gint *source_fds, |
| const gint *target_fds, |
| gsize n_fds, |
| GPid *child_pid_out, |
| gint *stdin_pipe_out, |
| gint *stdout_pipe_out, |
| gint *stderr_pipe_out, |
| GError **error) |
| { |
| g_return_val_if_fail (argv != NULL, FALSE); |
| g_return_val_if_fail (argv[0] != NULL, FALSE); |
| /* can’t both inherit and set pipes to /dev/null */ |
| g_return_val_if_fail ((flags & INHERITS_OR_NULL_STDIN) != INHERITS_OR_NULL_STDIN, FALSE); |
| g_return_val_if_fail ((flags & INHERITS_OR_NULL_STDOUT) != INHERITS_OR_NULL_STDOUT, FALSE); |
| g_return_val_if_fail ((flags & INHERITS_OR_NULL_STDERR) != INHERITS_OR_NULL_STDERR, FALSE); |
| /* can’t use pipes and stdin/stdout/stderr FDs */ |
| g_return_val_if_fail (stdin_pipe_out == NULL || stdin_fd < 0, FALSE); |
| g_return_val_if_fail (stdout_pipe_out == NULL || stdout_fd < 0, FALSE); |
| g_return_val_if_fail (stderr_pipe_out == NULL || stderr_fd < 0, FALSE); |
| |
| if ((flags & INHERITS_OR_NULL_STDIN) != 0) |
| stdin_pipe_out = NULL; |
| if ((flags & INHERITS_OR_NULL_STDOUT) != 0) |
| stdout_pipe_out = NULL; |
| if ((flags & INHERITS_OR_NULL_STDERR) != 0) |
| stderr_pipe_out = NULL; |
| |
| return fork_exec (!(flags & G_SPAWN_DO_NOT_REAP_CHILD), |
| working_directory, |
| (const gchar * const *) argv, |
| (const gchar * const *) envp, |
| !(flags & G_SPAWN_LEAVE_DESCRIPTORS_OPEN), |
| (flags & G_SPAWN_SEARCH_PATH) != 0, |
| (flags & G_SPAWN_SEARCH_PATH_FROM_ENVP) != 0, |
| (flags & G_SPAWN_STDOUT_TO_DEV_NULL) != 0, |
| (flags & G_SPAWN_STDERR_TO_DEV_NULL) != 0, |
| (flags & G_SPAWN_CHILD_INHERITS_STDIN) != 0, |
| (flags & G_SPAWN_FILE_AND_ARGV_ZERO) != 0, |
| (flags & G_SPAWN_CLOEXEC_PIPES) != 0, |
| child_setup, |
| user_data, |
| child_pid_out, |
| stdin_pipe_out, |
| stdout_pipe_out, |
| stderr_pipe_out, |
| stdin_fd, |
| stdout_fd, |
| stderr_fd, |
| source_fds, |
| target_fds, |
| n_fds, |
| error); |
| } |
| |
| /** |
| * g_spawn_async_with_fds: |
| * @working_directory: (type filename) (nullable): child's current working directory, or %NULL to inherit parent's, in the GLib file name encoding |
| * @argv: (array zero-terminated=1): child's argument vector, in the GLib file name encoding; |
| * it must be non-empty and %NULL-terminated |
| * @envp: (array zero-terminated=1) (nullable): child's environment, or %NULL to inherit parent's, in the GLib file name encoding |
| * @flags: flags from #GSpawnFlags |
| * @child_setup: (scope async) (closure user_data) (nullable): function to run |
| * in the child just before `exec()` |
| * @user_data: user data for @child_setup |
| * @child_pid: (out) (optional): return location for child process ID, or %NULL |
| * @stdin_fd: file descriptor to use for child's stdin, or `-1` |
| * @stdout_fd: file descriptor to use for child's stdout, or `-1` |
| * @stderr_fd: file descriptor to use for child's stderr, or `-1` |
| * @error: return location for error |
| * |
| * Executes a child program asynchronously. |
| * |
| * Identical to g_spawn_async_with_pipes_and_fds() but with `n_fds` set to zero, |
| * so no FD assignments are used. |
| * |
| * Returns: %TRUE on success, %FALSE if an error was set |
| * |
| * Since: 2.58 |
| */ |
| gboolean |
| g_spawn_async_with_fds (const gchar *working_directory, |
| gchar **argv, |
| gchar **envp, |
| GSpawnFlags flags, |
| GSpawnChildSetupFunc child_setup, |
| gpointer user_data, |
| GPid *child_pid, |
| gint stdin_fd, |
| gint stdout_fd, |
| gint stderr_fd, |
| GError **error) |
| { |
| g_return_val_if_fail (argv != NULL, FALSE); |
| g_return_val_if_fail (argv[0] != NULL, FALSE); |
| g_return_val_if_fail (stdout_fd < 0 || |
| !(flags & G_SPAWN_STDOUT_TO_DEV_NULL), FALSE); |
| g_return_val_if_fail (stderr_fd < 0 || |
| !(flags & G_SPAWN_STDERR_TO_DEV_NULL), FALSE); |
| /* can't inherit stdin if we have an input pipe. */ |
| g_return_val_if_fail (stdin_fd < 0 || |
| !(flags & G_SPAWN_CHILD_INHERITS_STDIN), FALSE); |
| |
| return fork_exec (!(flags & G_SPAWN_DO_NOT_REAP_CHILD), |
| working_directory, |
| (const gchar * const *) argv, |
| (const gchar * const *) envp, |
| !(flags & G_SPAWN_LEAVE_DESCRIPTORS_OPEN), |
| (flags & G_SPAWN_SEARCH_PATH) != 0, |
| (flags & G_SPAWN_SEARCH_PATH_FROM_ENVP) != 0, |
| (flags & G_SPAWN_STDOUT_TO_DEV_NULL) != 0, |
| (flags & G_SPAWN_STDERR_TO_DEV_NULL) != 0, |
| (flags & G_SPAWN_CHILD_INHERITS_STDIN) != 0, |
| (flags & G_SPAWN_FILE_AND_ARGV_ZERO) != 0, |
| (flags & G_SPAWN_CLOEXEC_PIPES) != 0, |
| child_setup, |
| user_data, |
| child_pid, |
| NULL, NULL, NULL, |
| stdin_fd, |
| stdout_fd, |
| stderr_fd, |
| NULL, NULL, 0, |
| error); |
| } |
| |
| /** |
| * g_spawn_command_line_sync: |
| * @command_line: (type filename): a command line |
| * @standard_output: (out) (array zero-terminated=1) (element-type guint8) (optional): return location for child output |
| * @standard_error: (out) (array zero-terminated=1) (element-type guint8) (optional): return location for child errors |
| * @wait_status: (out) (optional): return location for child wait status, as returned by waitpid() |
| * @error: return location for errors |
| * |
| * A simple version of g_spawn_sync() with little-used parameters |
| * removed, taking a command line instead of an argument vector. |
| * |
| * See g_spawn_sync() for full details. |
| * |
| * The @command_line argument will be parsed by g_shell_parse_argv(). |
| * |
| * Unlike g_spawn_sync(), the %G_SPAWN_SEARCH_PATH flag is enabled. |
| * Note that %G_SPAWN_SEARCH_PATH can have security implications, so |
| * consider using g_spawn_sync() directly if appropriate. |
| * |
| * Possible errors are those from g_spawn_sync() and those |
| * from g_shell_parse_argv(). |
| * |
| * If @wait_status is non-%NULL, the platform-specific status of |
| * the child is stored there; see the documentation of |
| * g_spawn_check_wait_status() for how to use and interpret this. |
| * On Unix platforms, note that it is usually not equal |
| * to the integer passed to `exit()` or returned from `main()`. |
| * |
| * On Windows, please note the implications of g_shell_parse_argv() |
| * parsing @command_line. Parsing is done according to Unix shell rules, not |
| * Windows command interpreter rules. |
| * Space is a separator, and backslashes are |
| * special. Thus you cannot simply pass a @command_line containing |
| * canonical Windows paths, like "c:\\program files\\app\\app.exe", as |
| * the backslashes will be eaten, and the space will act as a |
| * separator. You need to enclose such paths with single quotes, like |
| * "'c:\\program files\\app\\app.exe' 'e:\\folder\\argument.txt'". |
| * |
| * Returns: %TRUE on success, %FALSE if an error was set |
| **/ |
| gboolean |
| g_spawn_command_line_sync (const gchar *command_line, |
| gchar **standard_output, |
| gchar **standard_error, |
| gint *wait_status, |
| GError **error) |
| { |
| gboolean retval; |
| gchar **argv = NULL; |
| |
| g_return_val_if_fail (command_line != NULL, FALSE); |
| |
| /* This will return a runtime error if @command_line is the empty string. */ |
| if (!g_shell_parse_argv (command_line, |
| NULL, &argv, |
| error)) |
| return FALSE; |
| |
| retval = g_spawn_sync (NULL, |
| argv, |
| NULL, |
| G_SPAWN_SEARCH_PATH, |
| NULL, |
| NULL, |
| standard_output, |
| standard_error, |
| wait_status, |
| error); |
| g_strfreev (argv); |
| |
| return retval; |
| } |
| |
| /** |
| * g_spawn_command_line_async: |
| * @command_line: (type filename): a command line |
| * @error: return location for errors |
| * |
| * A simple version of g_spawn_async() that parses a command line with |
| * g_shell_parse_argv() and passes it to g_spawn_async(). |
| * |
| * Runs a command line in the background. Unlike g_spawn_async(), the |
| * %G_SPAWN_SEARCH_PATH flag is enabled, other flags are not. Note |
| * that %G_SPAWN_SEARCH_PATH can have security implications, so |
| * consider using g_spawn_async() directly if appropriate. Possible |
| * errors are those from g_shell_parse_argv() and g_spawn_async(). |
| * |
| * The same concerns on Windows apply as for g_spawn_command_line_sync(). |
| * |
| * Returns: %TRUE on success, %FALSE if error is set |
| **/ |
| gboolean |
| g_spawn_command_line_async (const gchar *command_line, |
| GError **error) |
| { |
| gboolean retval; |
| gchar **argv = NULL; |
| |
| g_return_val_if_fail (command_line != NULL, FALSE); |
| |
| /* This will return a runtime error if @command_line is the empty string. */ |
| if (!g_shell_parse_argv (command_line, |
| NULL, &argv, |
| error)) |
| return FALSE; |
| |
| retval = g_spawn_async (NULL, |
| argv, |
| NULL, |
| G_SPAWN_SEARCH_PATH, |
| NULL, |
| NULL, |
| NULL, |
| error); |
| g_strfreev (argv); |
| |
| return retval; |
| } |
| |
| /** |
| * g_spawn_check_wait_status: |
| * @wait_status: A platform-specific wait status as returned from g_spawn_sync() |
| * @error: a #GError |
| * |
| * Set @error if @wait_status indicates the child exited abnormally |
| * (e.g. with a nonzero exit code, or via a fatal signal). |
| * |
| * The g_spawn_sync() and g_child_watch_add() family of APIs return the |
| * status of subprocesses encoded in a platform-specific way. |
| * On Unix, this is guaranteed to be in the same format waitpid() returns, |
| * and on Windows it is guaranteed to be the result of GetExitCodeProcess(). |
| * |
| * Prior to the introduction of this function in GLib 2.34, interpreting |
| * @wait_status required use of platform-specific APIs, which is problematic |
| * for software using GLib as a cross-platform layer. |
| * |
| * Additionally, many programs simply want to determine whether or not |
| * the child exited successfully, and either propagate a #GError or |
| * print a message to standard error. In that common case, this function |
| * can be used. Note that the error message in @error will contain |
| * human-readable information about the wait status. |
| * |
| * The @domain and @code of @error have special semantics in the case |
| * where the process has an "exit code", as opposed to being killed by |
| * a signal. On Unix, this happens if WIFEXITED() would be true of |
| * @wait_status. On Windows, it is always the case. |
| * |
| * The special semantics are that the actual exit code will be the |
| * code set in @error, and the domain will be %G_SPAWN_EXIT_ERROR. |
| * This allows you to differentiate between different exit codes. |
| * |
| * If the process was terminated by some means other than an exit |
| * status (for example if it was killed by a signal), the domain will be |
| * %G_SPAWN_ERROR and the code will be %G_SPAWN_ERROR_FAILED. |
| * |
| * This function just offers convenience; you can of course also check |
| * the available platform via a macro such as %G_OS_UNIX, and use |
| * WIFEXITED() and WEXITSTATUS() on @wait_status directly. Do not attempt |
| * to scan or parse the error message string; it may be translated and/or |
| * change in future versions of GLib. |
| * |
| * Prior to version 2.70, g_spawn_check_exit_status() provides the same |
| * functionality, although under a misleading name. |
| * |
| * Returns: %TRUE if child exited successfully, %FALSE otherwise (and |
| * @error will be set) |
| * |
| * Since: 2.70 |
| */ |
| gboolean |
| g_spawn_check_wait_status (gint wait_status, |
| GError **error) |
| { |
| gboolean ret = FALSE; |
| |
| if (WIFEXITED (wait_status)) |
| { |
| if (WEXITSTATUS (wait_status) != 0) |
| { |
| g_set_error (error, G_SPAWN_EXIT_ERROR, WEXITSTATUS (wait_status), |
| _("Child process exited with code %ld"), |
| (long) WEXITSTATUS (wait_status)); |
| goto out; |
| } |
| } |
| else if (WIFSIGNALED (wait_status)) |
| { |
| g_set_error (error, G_SPAWN_ERROR, G_SPAWN_ERROR_FAILED, |
| _("Child process killed by signal %ld"), |
| (long) WTERMSIG (wait_status)); |
| goto out; |
| } |
| else if (WIFSTOPPED (wait_status)) |
| { |
| g_set_error (error, G_SPAWN_ERROR, G_SPAWN_ERROR_FAILED, |
| _("Child process stopped by signal %ld"), |
| (long) WSTOPSIG (wait_status)); |
| goto out; |
| } |
| else |
| { |
| g_set_error (error, G_SPAWN_ERROR, G_SPAWN_ERROR_FAILED, |
| _("Child process exited abnormally")); |
| goto out; |
| } |
| |
| ret = TRUE; |
| out: |
| return ret; |
| } |
| |
| /** |
| * g_spawn_check_exit_status: |
| * @wait_status: A status as returned from g_spawn_sync() |
| * @error: a #GError |
| * |
| * An old name for g_spawn_check_wait_status(), deprecated because its |
| * name is misleading. |
| * |
| * Despite the name of the function, @wait_status must be the wait status |
| * as returned by g_spawn_sync(), g_subprocess_get_status(), `waitpid()`, |
| * etc. On Unix platforms, it is incorrect for it to be the exit status |
| * as passed to `exit()` or returned by g_subprocess_get_exit_status() or |
| * `WEXITSTATUS()`. |
| * |
| * Returns: %TRUE if child exited successfully, %FALSE otherwise (and |
| * @error will be set) |
| * |
| * Since: 2.34 |
| * |
| * Deprecated: 2.70: Use g_spawn_check_wait_status() instead, and check whether your code is conflating wait and exit statuses. |
| */ |
| gboolean |
| g_spawn_check_exit_status (gint wait_status, |
| GError **error) |
| { |
| return g_spawn_check_wait_status (wait_status, error); |
| } |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)). */ |
| static gssize |
| write_all (gint fd, gconstpointer vbuf, gsize to_write) |
| { |
| gchar *buf = (gchar *) vbuf; |
| |
| while (to_write > 0) |
| { |
| gssize count = write (fd, buf, to_write); |
| if (count < 0) |
| { |
| if (errno != EINTR) |
| return FALSE; |
| } |
| else |
| { |
| to_write -= count; |
| buf += count; |
| } |
| } |
| |
| return TRUE; |
| } |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)). */ |
| G_NORETURN |
| static void |
| write_err_and_exit (gint fd, gint msg) |
| { |
| gint en = errno; |
| |
| write_all (fd, &msg, sizeof(msg)); |
| write_all (fd, &en, sizeof(en)); |
| |
| _exit (1); |
| } |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)). */ |
| static void |
| set_cloexec (int fd) |
| { |
| fcntl (fd, F_SETFD, FD_CLOEXEC); |
| } |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)). */ |
| static void |
| unset_cloexec (int fd) |
| { |
| int flags; |
| int result; |
| |
| flags = fcntl (fd, F_GETFD, 0); |
| |
| if (flags != -1) |
| { |
| int errsv; |
| flags &= (~FD_CLOEXEC); |
| do |
| { |
| result = fcntl (fd, F_SETFD, flags); |
| errsv = errno; |
| } |
| while (result == -1 && errsv == EINTR); |
| } |
| } |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)). */ |
| static int |
| dupfd_cloexec (int old_fd, int new_fd_min) |
| { |
| int fd, errsv; |
| #ifdef F_DUPFD_CLOEXEC |
| do |
| { |
| fd = fcntl (old_fd, F_DUPFD_CLOEXEC, new_fd_min); |
| errsv = errno; |
| } |
| while (fd == -1 && errsv == EINTR); |
| #else |
| /* OS X Snow Lion and earlier don't have F_DUPFD_CLOEXEC: |
| * https://bugzilla.gnome.org/show_bug.cgi?id=710962 |
| */ |
| int result, flags; |
| do |
| { |
| fd = fcntl (old_fd, F_DUPFD, new_fd_min); |
| errsv = errno; |
| } |
| while (fd == -1 && errsv == EINTR); |
| flags = fcntl (fd, F_GETFD, 0); |
| if (flags != -1) |
| { |
| flags |= FD_CLOEXEC; |
| do |
| { |
| result = fcntl (fd, F_SETFD, flags); |
| errsv = errno; |
| } |
| while (result == -1 && errsv == EINTR); |
| } |
| #endif |
| return fd; |
| } |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)). */ |
| static gint |
| safe_dup2 (gint fd1, gint fd2) |
| { |
| gint ret; |
| |
| do |
| ret = dup2 (fd1, fd2); |
| while (ret < 0 && (errno == EINTR || errno == EBUSY)); |
| |
| return ret; |
| } |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)). */ |
| static gboolean |
| relocate_fd_out_of_standard_range (gint *fd) |
| { |
| gint ret = -1; |
| const int min_fileno = STDERR_FILENO + 1; |
| |
| do |
| ret = fcntl (*fd, F_DUPFD, min_fileno); |
| while (ret < 0 && errno == EINTR); |
| |
| /* Note we don't need to close the old fd, because the caller is expected |
| * to close fds in the standard range itself. |
| */ |
| if (ret >= min_fileno) |
| { |
| *fd = ret; |
| return TRUE; |
| } |
| |
| return FALSE; |
| } |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)). */ |
| static gint |
| safe_open (const char *path, gint mode) |
| { |
| gint ret; |
| |
| do |
| ret = open (path, mode); |
| while (ret < 0 && errno == EINTR); |
| |
| return ret; |
| } |
| |
| enum |
| { |
| CHILD_CHDIR_FAILED, |
| CHILD_EXEC_FAILED, |
| CHILD_OPEN_FAILED, |
| CHILD_DUPFD_FAILED, |
| CHILD_FORK_FAILED, |
| CHILD_CLOSE_FAILED, |
| }; |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)) until it calls exec(). |
| * |
| * All callers must guarantee that @argv and @argv[0] are non-NULL. */ |
| static void |
| do_exec (gint child_err_report_fd, |
| gint stdin_fd, |
| gint stdout_fd, |
| gint stderr_fd, |
| gint *source_fds, |
| const gint *target_fds, |
| gsize n_fds, |
| const gchar *working_directory, |
| const gchar * const *argv, |
| gchar **argv_buffer, |
| gsize argv_buffer_len, |
| const gchar * const *envp, |
| gboolean close_descriptors, |
| const gchar *search_path, |
| gchar *search_path_buffer, |
| gsize search_path_buffer_len, |
| gboolean stdout_to_null, |
| gboolean stderr_to_null, |
| gboolean child_inherits_stdin, |
| gboolean file_and_argv_zero, |
| GSpawnChildSetupFunc child_setup, |
| gpointer user_data) |
| { |
| gsize i; |
| gint max_target_fd = 0; |
| |
| if (working_directory && chdir (working_directory) < 0) |
| write_err_and_exit (child_err_report_fd, |
| CHILD_CHDIR_FAILED); |
| |
| /* It's possible the caller assigned stdin to an fd with a |
| * file number that is supposed to be reserved for |
| * stdout or stderr. |
| * |
| * If so, move it up out of the standard range, so it doesn't |
| * cause a conflict. |
| */ |
| if (IS_STD_FILENO (stdin_fd) && stdin_fd != STDIN_FILENO) |
| { |
| int old_fd = stdin_fd; |
| |
| if (!relocate_fd_out_of_standard_range (&stdin_fd)) |
| write_err_and_exit (child_err_report_fd, CHILD_DUPFD_FAILED); |
| |
| if (stdout_fd == old_fd) |
| stdout_fd = stdin_fd; |
| |
| if (stderr_fd == old_fd) |
| stderr_fd = stdin_fd; |
| } |
| |
| /* Redirect pipes as required |
| * |
| * There are two cases where we don't need to do the redirection |
| * 1. Where the associated file descriptor is cleared/invalid |
| * 2. When the associated file descriptor is already given the |
| * correct file number. |
| */ |
| if (IS_VALID_FILENO (stdin_fd) && stdin_fd != STDIN_FILENO) |
| { |
| if (safe_dup2 (stdin_fd, 0) < 0) |
| write_err_and_exit (child_err_report_fd, |
| CHILD_DUPFD_FAILED); |
| |
| set_cloexec (stdin_fd); |
| } |
| else if (!child_inherits_stdin) |
| { |
| /* Keep process from blocking on a read of stdin */ |
| gint read_null = safe_open ("/dev/null", O_RDONLY); |
| if (read_null < 0) |
| write_err_and_exit (child_err_report_fd, |
| CHILD_OPEN_FAILED); |
| if (safe_dup2 (read_null, 0) < 0) |
| write_err_and_exit (child_err_report_fd, |
| CHILD_DUPFD_FAILED); |
| g_clear_fd (&read_null, NULL); |
| } |
| |
| /* Like with stdin above, it's possible the caller assigned |
| * stdout to an fd with a file number that's intruding on the |
| * standard range. |
| * |
| * If so, move it out of the way, too. |
| */ |
| if (IS_STD_FILENO (stdout_fd) && stdout_fd != STDOUT_FILENO) |
| { |
| int old_fd = stdout_fd; |
| |
| if (!relocate_fd_out_of_standard_range (&stdout_fd)) |
| write_err_and_exit (child_err_report_fd, CHILD_DUPFD_FAILED); |
| |
| if (stderr_fd == old_fd) |
| stderr_fd = stdout_fd; |
| } |
| |
| if (IS_VALID_FILENO (stdout_fd) && stdout_fd != STDOUT_FILENO) |
| { |
| if (safe_dup2 (stdout_fd, 1) < 0) |
| write_err_and_exit (child_err_report_fd, |
| CHILD_DUPFD_FAILED); |
| |
| set_cloexec (stdout_fd); |
| } |
| else if (stdout_to_null) |
| { |
| gint write_null = safe_open ("/dev/null", O_WRONLY); |
| if (write_null < 0) |
| write_err_and_exit (child_err_report_fd, |
| CHILD_OPEN_FAILED); |
| if (safe_dup2 (write_null, 1) < 0) |
| write_err_and_exit (child_err_report_fd, |
| CHILD_DUPFD_FAILED); |
| g_clear_fd (&write_null, NULL); |
| } |
| |
| if (IS_STD_FILENO (stderr_fd) && stderr_fd != STDERR_FILENO) |
| { |
| if (!relocate_fd_out_of_standard_range (&stderr_fd)) |
| write_err_and_exit (child_err_report_fd, CHILD_DUPFD_FAILED); |
| } |
| |
| /* Like with stdin/stdout above, it's possible the caller assigned |
| * stderr to an fd with a file number that's intruding on the |
| * standard range. |
| * |
| * Make sure it's out of the way, also. |
| */ |
| if (IS_VALID_FILENO (stderr_fd) && stderr_fd != STDERR_FILENO) |
| { |
| if (safe_dup2 (stderr_fd, 2) < 0) |
| write_err_and_exit (child_err_report_fd, |
| CHILD_DUPFD_FAILED); |
| |
| set_cloexec (stderr_fd); |
| } |
| else if (stderr_to_null) |
| { |
| gint write_null = safe_open ("/dev/null", O_WRONLY); |
| if (write_null < 0) |
| write_err_and_exit (child_err_report_fd, |
| CHILD_OPEN_FAILED); |
| if (safe_dup2 (write_null, 2) < 0) |
| write_err_and_exit (child_err_report_fd, |
| CHILD_DUPFD_FAILED); |
| g_clear_fd (&write_null, NULL); |
| } |
| |
| /* Close all file descriptors but stdin, stdout and stderr, and any of source_fds, |
| * before we exec. Note that this includes |
| * child_err_report_fd, which keeps the parent from blocking |
| * forever on the other end of that pipe. |
| */ |
| if (close_descriptors) |
| { |
| if (child_setup == NULL && n_fds == 0) |
| { |
| if (safe_dup2 (child_err_report_fd, 3) < 0) |
| write_err_and_exit (child_err_report_fd, CHILD_DUPFD_FAILED); |
| set_cloexec (3); |
| if (g_closefrom (4) < 0) |
| write_err_and_exit (child_err_report_fd, CHILD_CLOSE_FAILED); |
| child_err_report_fd = 3; |
| } |
| else |
| { |
| if (g_fdwalk_set_cloexec (3) < 0) |
| write_err_and_exit (child_err_report_fd, CHILD_CLOSE_FAILED); |
| } |
| } |
| else |
| { |
| /* We need to do child_err_report_fd anyway */ |
| set_cloexec (child_err_report_fd); |
| } |
| |
| /* |
| * Work through the @source_fds and @target_fds mapping. |
| * |
| * Based on code originally derived from |
| * gnome-terminal:src/terminal-screen.c:terminal_screen_child_setup(), |
| * used under the LGPLv2+ with permission from author. (The code has |
| * since migrated to vte:src/spawn.cc:SpawnContext::exec and is no longer |
| * terribly similar to what we have here.) |
| */ |
| |
| if (n_fds > 0) |
| { |
| for (i = 0; i < n_fds; i++) |
| max_target_fd = MAX (max_target_fd, target_fds[i]); |
| |
| if (max_target_fd == G_MAXINT) |
| { |
| errno = EINVAL; |
| write_err_and_exit (child_err_report_fd, CHILD_DUPFD_FAILED); |
| } |
| |
| /* If we're doing remapping fd assignments, we need to handle |
| * the case where the user has specified e.g. 5 -> 4, 4 -> 6. |
| * We do this by duping all source fds, taking care to ensure the new |
| * fds are larger than any target fd to avoid introducing new conflicts. |
| */ |
| for (i = 0; i < n_fds; i++) |
| { |
| if (source_fds[i] != target_fds[i]) |
| { |
| source_fds[i] = dupfd_cloexec (source_fds[i], max_target_fd + 1); |
| if (source_fds[i] < 0) |
| write_err_and_exit (child_err_report_fd, CHILD_DUPFD_FAILED); |
| } |
| } |
| |
| for (i = 0; i < n_fds; i++) |
| { |
| /* For basic fd assignments (where source == target), we can just |
| * unset FD_CLOEXEC. |
| */ |
| if (source_fds[i] == target_fds[i]) |
| { |
| unset_cloexec (source_fds[i]); |
| } |
| else |
| { |
| /* If any of the @target_fds conflict with @child_err_report_fd, |
| * dup it so it doesn’t get conflated. |
| */ |
| if (target_fds[i] == child_err_report_fd) |
| { |
| child_err_report_fd = dupfd_cloexec (child_err_report_fd, max_target_fd + 1); |
| if (child_err_report_fd < 0) |
| write_err_and_exit (child_err_report_fd, CHILD_DUPFD_FAILED); |
| } |
| |
| if (safe_dup2 (source_fds[i], target_fds[i]) < 0) |
| write_err_and_exit (child_err_report_fd, CHILD_DUPFD_FAILED); |
| |
| g_clear_fd (&source_fds[i], NULL); |
| } |
| } |
| } |
| |
| /* Call user function just before we exec */ |
| if (child_setup) |
| { |
| (* child_setup) (user_data); |
| } |
| |
| g_execute (argv[0], |
| (gchar **) (file_and_argv_zero ? argv + 1 : argv), |
| argv_buffer, argv_buffer_len, |
| (gchar **) envp, search_path, search_path_buffer, search_path_buffer_len); |
| |
| /* Exec failed */ |
| write_err_and_exit (child_err_report_fd, |
| CHILD_EXEC_FAILED); |
| } |
| |
| static gboolean |
| read_ints (int fd, |
| gint* buf, |
| gint n_ints_in_buf, |
| gint *n_ints_read, |
| GError **error) |
| { |
| gsize bytes = 0; |
| |
| while (TRUE) |
| { |
| gssize chunk; |
| |
| if (bytes >= sizeof(gint)*2) |
| break; /* give up, who knows what happened, should not be |
| * possible. |
| */ |
| |
| again: |
| chunk = read (fd, |
| ((gchar*)buf) + bytes, |
| sizeof(gint) * n_ints_in_buf - bytes); |
| if (chunk < 0 && errno == EINTR) |
| goto again; |
| |
| if (chunk < 0) |
| { |
| int errsv = errno; |
| |
| /* Some weird shit happened, bail out */ |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_FAILED, |
| _("Failed to read from child pipe (%s)"), |
| g_strerror (errsv)); |
| |
| return FALSE; |
| } |
| else if (chunk == 0) |
| break; /* EOF */ |
| else /* chunk > 0 */ |
| bytes += chunk; |
| } |
| |
| *n_ints_read = (gint)(bytes / sizeof(gint)); |
| |
| return TRUE; |
| } |
| |
| #ifdef POSIX_SPAWN_AVAILABLE |
| static gboolean |
| do_posix_spawn (const gchar * const *argv, |
| const gchar * const *envp, |
| gboolean search_path, |
| gboolean stdout_to_null, |
| gboolean stderr_to_null, |
| gboolean child_inherits_stdin, |
| gboolean file_and_argv_zero, |
| GPid *child_pid, |
| gint *child_close_fds, |
| gint stdin_fd, |
| gint stdout_fd, |
| gint stderr_fd, |
| const gint *source_fds, |
| const gint *target_fds, |
| gsize n_fds) |
| { |
| pid_t pid; |
| gint *duped_source_fds = NULL; |
| gint max_target_fd = 0; |
| const gchar * const *argv_pass; |
| posix_spawnattr_t attr; |
| posix_spawn_file_actions_t file_actions; |
| gint parent_close_fds[3]; |
| gsize num_parent_close_fds = 0; |
| GSList *child_close = NULL; |
| GSList *elem; |
| sigset_t mask; |
| gsize i; |
| int r; |
| |
| g_assert (argv != NULL && argv[0] != NULL); |
| |
| if (*argv[0] == '\0') |
| { |
| /* We check the simple case first. */ |
| return ENOENT; |
| } |
| |
| r = posix_spawnattr_init (&attr); |
| if (r != 0) |
| return r; |
| |
| if (child_close_fds) |
| { |
| int i = -1; |
| while (child_close_fds[++i] != -1) |
| child_close = g_slist_prepend (child_close, |
| GINT_TO_POINTER (child_close_fds[i])); |
| } |
| |
| r = posix_spawnattr_setflags (&attr, POSIX_SPAWN_SETSIGDEF); |
| if (r != 0) |
| goto out_free_spawnattr; |
| |
| /* Reset some signal handlers that we may use */ |
| sigemptyset (&mask); |
| sigaddset (&mask, SIGCHLD); |
| sigaddset (&mask, SIGINT); |
| sigaddset (&mask, SIGTERM); |
| sigaddset (&mask, SIGHUP); |
| |
| r = posix_spawnattr_setsigdefault (&attr, &mask); |
| if (r != 0) |
| goto out_free_spawnattr; |
| |
| r = posix_spawn_file_actions_init (&file_actions); |
| if (r != 0) |
| goto out_free_spawnattr; |
| |
| /* Redirect pipes as required */ |
| |
| if (stdin_fd >= 0) |
| { |
| r = posix_spawn_file_actions_adddup2 (&file_actions, stdin_fd, 0); |
| if (r != 0) |
| goto out_close_fds; |
| |
| if (!g_slist_find (child_close, GINT_TO_POINTER (stdin_fd))) |
| child_close = g_slist_prepend (child_close, GINT_TO_POINTER (stdin_fd)); |
| } |
| else if (!child_inherits_stdin) |
| { |
| /* Keep process from blocking on a read of stdin */ |
| gint read_null = safe_open ("/dev/null", O_RDONLY | O_CLOEXEC); |
| g_assert (read_null != -1); |
| parent_close_fds[num_parent_close_fds++] = read_null; |
| |
| #ifndef HAVE_O_CLOEXEC |
| fcntl (read_null, F_SETFD, FD_CLOEXEC); |
| #endif |
| |
| r = posix_spawn_file_actions_adddup2 (&file_actions, read_null, 0); |
| if (r != 0) |
| goto out_close_fds; |
| } |
| |
| if (stdout_fd >= 0) |
| { |
| r = posix_spawn_file_actions_adddup2 (&file_actions, stdout_fd, 1); |
| if (r != 0) |
| goto out_close_fds; |
| |
| if (!g_slist_find (child_close, GINT_TO_POINTER (stdout_fd))) |
| child_close = g_slist_prepend (child_close, GINT_TO_POINTER (stdout_fd)); |
| } |
| else if (stdout_to_null) |
| { |
| gint write_null = safe_open ("/dev/null", O_WRONLY | O_CLOEXEC); |
| g_assert (write_null != -1); |
| parent_close_fds[num_parent_close_fds++] = write_null; |
| |
| #ifndef HAVE_O_CLOEXEC |
| fcntl (write_null, F_SETFD, FD_CLOEXEC); |
| #endif |
| |
| r = posix_spawn_file_actions_adddup2 (&file_actions, write_null, 1); |
| if (r != 0) |
| goto out_close_fds; |
| } |
| |
| if (stderr_fd >= 0) |
| { |
| r = posix_spawn_file_actions_adddup2 (&file_actions, stderr_fd, 2); |
| if (r != 0) |
| goto out_close_fds; |
| |
| if (!g_slist_find (child_close, GINT_TO_POINTER (stderr_fd))) |
| child_close = g_slist_prepend (child_close, GINT_TO_POINTER (stderr_fd)); |
| } |
| else if (stderr_to_null) |
| { |
| gint write_null = safe_open ("/dev/null", O_WRONLY | O_CLOEXEC); |
| g_assert (write_null != -1); |
| parent_close_fds[num_parent_close_fds++] = write_null; |
| |
| #ifndef HAVE_O_CLOEXEC |
| fcntl (write_null, F_SETFD, FD_CLOEXEC); |
| #endif |
| |
| r = posix_spawn_file_actions_adddup2 (&file_actions, write_null, 2); |
| if (r != 0) |
| goto out_close_fds; |
| } |
| |
| /* If source_fds[i] != target_fds[i], we need to handle the case |
| * where the user has specified, e.g., 5 -> 4, 4 -> 6. We do this |
| * by duping the source fds, taking care to ensure the new fds are |
| * larger than any target fd to avoid introducing new conflicts. |
| * |
| * If source_fds[i] == target_fds[i], then we just need to leak |
| * the fd into the child process, which we *could* do by temporarily |
| * unsetting CLOEXEC and then setting it again after we spawn if |
| * it was originally set. POSIX requires that the addup2 action unset |
| * CLOEXEC if source and target are identical, so you'd think doing it |
| * manually wouldn't be needed, but unfortunately as of 2021 many |
| * libcs still don't do so. Example nonconforming libcs: |
| * Bionic: https://android.googlesource.com/platform/bionic/+/f6e5b582604715729b09db3e36a7aeb8c24b36a4/libc/bionic/spawn.cpp#71 |
| * uclibc-ng: https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/librt/spawn.c?id=7c36bcae09d66bbaa35cbb02253ae0556f42677e#n88 |
| * |
| * Anyway, unsetting CLOEXEC ourselves would open a small race window |
| * where the fd could be inherited into a child process if another |
| * thread spawns something at the same time, because we have not |
| * called fork() and are multithreaded here. This race is avoidable by |
| * using dupfd_cloexec, which we already have to do to handle the |
| * source_fds[i] != target_fds[i] case. So let's always do it! |
| */ |
| |
| for (i = 0; i < n_fds; i++) |
| max_target_fd = MAX (max_target_fd, target_fds[i]); |
| |
| if (max_target_fd == G_MAXINT) |
| goto out_close_fds; |
| |
| duped_source_fds = g_new (gint, n_fds); |
| for (i = 0; i < n_fds; i++) |
| { |
| duped_source_fds[i] = dupfd_cloexec (source_fds[i], max_target_fd + 1); |
| if (duped_source_fds[i] < 0) |
| goto out_close_fds; |
| } |
| |
| for (i = 0; i < n_fds; i++) |
| { |
| r = posix_spawn_file_actions_adddup2 (&file_actions, duped_source_fds[i], target_fds[i]); |
| if (r != 0) |
| goto out_close_fds; |
| } |
| |
| /* Intentionally close the fds in the child as the last file action, |
| * having been careful not to add the same fd to this list twice. |
| * |
| * This is important to allow (e.g.) for the same fd to be passed as stdout |
| * and stderr (we must not close it before we have dupped it in both places, |
| * and we must not attempt to close it twice). |
| */ |
| for (elem = child_close; elem != NULL; elem = elem->next) |
| { |
| r = posix_spawn_file_actions_addclose (&file_actions, |
| GPOINTER_TO_INT (elem->data)); |
| if (r != 0) |
| goto out_close_fds; |
| } |
| |
| argv_pass = file_and_argv_zero ? argv + 1 : argv; |
| if (envp == NULL) |
| envp = (const gchar * const *) environ; |
| |
| /* Don't search when it contains a slash. */ |
| if (!search_path || strchr (argv[0], '/') != NULL) |
| r = posix_spawn (&pid, argv[0], &file_actions, &attr, (char * const *) argv_pass, (char * const *) envp); |
| else |
| r = posix_spawnp (&pid, argv[0], &file_actions, &attr, (char * const *) argv_pass, (char * const *) envp); |
| |
| if (r == 0 && child_pid != NULL) |
| *child_pid = pid; |
| |
| out_close_fds: |
| for (i = 0; i < num_parent_close_fds; i++) |
| g_clear_fd (&parent_close_fds[i], NULL); |
| |
| if (duped_source_fds != NULL) |
| { |
| for (i = 0; i < n_fds; i++) |
| g_clear_fd (&duped_source_fds[i], NULL); |
| g_free (duped_source_fds); |
| } |
| |
| posix_spawn_file_actions_destroy (&file_actions); |
| out_free_spawnattr: |
| posix_spawnattr_destroy (&attr); |
| g_slist_free (child_close); |
| |
| return r; |
| } |
| #endif /* POSIX_SPAWN_AVAILABLE */ |
| |
| static gboolean |
| source_fds_collide_with_pipe (const GUnixPipe *pipefd, |
| const int *source_fds, |
| gsize n_fds, |
| GError **error) |
| { |
| return (_g_spawn_invalid_source_fd (pipefd->fds[G_UNIX_PIPE_END_READ], source_fds, n_fds, error) || |
| _g_spawn_invalid_source_fd (pipefd->fds[G_UNIX_PIPE_END_WRITE], source_fds, n_fds, error)); |
| } |
| |
| static gboolean |
| fork_exec (gboolean intermediate_child, |
| const gchar *working_directory, |
| const gchar * const *argv, |
| const gchar * const *envp, |
| gboolean close_descriptors, |
| gboolean search_path, |
| gboolean search_path_from_envp, |
| gboolean stdout_to_null, |
| gboolean stderr_to_null, |
| gboolean child_inherits_stdin, |
| gboolean file_and_argv_zero, |
| gboolean cloexec_pipes, |
| GSpawnChildSetupFunc child_setup, |
| gpointer user_data, |
| GPid *child_pid, |
| gint *stdin_pipe_out, |
| gint *stdout_pipe_out, |
| gint *stderr_pipe_out, |
| gint stdin_fd, |
| gint stdout_fd, |
| gint stderr_fd, |
| const gint *source_fds, |
| const gint *target_fds, |
| gsize n_fds, |
| GError **error) |
| { |
| GPid pid = -1; |
| GUnixPipe child_err_report_pipe = G_UNIX_PIPE_INIT; |
| GUnixPipe child_pid_report_pipe = G_UNIX_PIPE_INIT; |
| guint pipe_flags = cloexec_pipes ? O_CLOEXEC : 0; |
| gint status; |
| const gchar *chosen_search_path; |
| gchar *search_path_buffer = NULL; |
| gchar *search_path_buffer_heap = NULL; |
| gsize search_path_buffer_len = 0; |
| gchar **argv_buffer = NULL; |
| gchar **argv_buffer_heap = NULL; |
| gsize argv_buffer_len = 0; |
| GUnixPipe stdin_pipe = G_UNIX_PIPE_INIT; |
| GUnixPipe stdout_pipe = G_UNIX_PIPE_INIT; |
| GUnixPipe stderr_pipe = G_UNIX_PIPE_INIT; |
| gint child_close_fds[4] = { -1, -1, -1, -1 }; |
| gint n_child_close_fds = 0; |
| gint *source_fds_copy = NULL; |
| |
| g_assert (argv != NULL && argv[0] != NULL); |
| g_assert (stdin_pipe_out == NULL || stdin_fd < 0); |
| g_assert (stdout_pipe_out == NULL || stdout_fd < 0); |
| g_assert (stderr_pipe_out == NULL || stderr_fd < 0); |
| |
| /* If pipes have been requested, open them */ |
| if (stdin_pipe_out != NULL) |
| { |
| if (!g_unix_pipe_open (&stdin_pipe, pipe_flags, error)) |
| goto cleanup_and_fail; |
| if (source_fds_collide_with_pipe (&stdin_pipe, source_fds, n_fds, error)) |
| goto cleanup_and_fail; |
| child_close_fds[n_child_close_fds++] = g_unix_pipe_get (&stdin_pipe, G_UNIX_PIPE_END_WRITE); |
| stdin_fd = g_unix_pipe_get (&stdin_pipe, G_UNIX_PIPE_END_READ); |
| } |
| |
| if (stdout_pipe_out != NULL) |
| { |
| if (!g_unix_pipe_open (&stdout_pipe, pipe_flags, error)) |
| goto cleanup_and_fail; |
| if (source_fds_collide_with_pipe (&stdout_pipe, source_fds, n_fds, error)) |
| goto cleanup_and_fail; |
| child_close_fds[n_child_close_fds++] = g_unix_pipe_get (&stdout_pipe, G_UNIX_PIPE_END_READ); |
| stdout_fd = g_unix_pipe_get (&stdout_pipe, G_UNIX_PIPE_END_WRITE); |
| } |
| |
| if (stderr_pipe_out != NULL) |
| { |
| if (!g_unix_pipe_open (&stderr_pipe, pipe_flags, error)) |
| goto cleanup_and_fail; |
| if (source_fds_collide_with_pipe (&stderr_pipe, source_fds, n_fds, error)) |
| goto cleanup_and_fail; |
| child_close_fds[n_child_close_fds++] = g_unix_pipe_get (&stderr_pipe, G_UNIX_PIPE_END_READ); |
| stderr_fd = g_unix_pipe_get (&stderr_pipe, G_UNIX_PIPE_END_WRITE); |
| } |
| |
| child_close_fds[n_child_close_fds++] = -1; |
| |
| #ifdef POSIX_SPAWN_AVAILABLE |
| if (!intermediate_child && working_directory == NULL && !close_descriptors && |
| !search_path_from_envp && child_setup == NULL) |
| { |
| g_trace_mark (G_TRACE_CURRENT_TIME, 0, |
| "GLib", "posix_spawn", |
| "%s", argv[0]); |
| |
| status = do_posix_spawn (argv, |
| envp, |
| search_path, |
| stdout_to_null, |
| stderr_to_null, |
| child_inherits_stdin, |
| file_and_argv_zero, |
| child_pid, |
| child_close_fds, |
| stdin_fd, |
| stdout_fd, |
| stderr_fd, |
| source_fds, |
| target_fds, |
| n_fds); |
| if (status == 0) |
| goto success; |
| |
| if (status != ENOEXEC) |
| { |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_FAILED, |
| _("Failed to spawn child process “%s” (%s)"), |
| argv[0], |
| g_strerror (status)); |
| goto cleanup_and_fail; |
| } |
| |
| /* posix_spawn is not intended to support script execution. It does in |
| * some situations on some glibc versions, but that will be fixed. |
| * So if it fails with ENOEXEC, we fall through to the regular |
| * gspawn codepath so that script execution can be attempted, |
| * per standard gspawn behaviour. */ |
| g_debug ("posix_spawn failed (ENOEXEC), fall back to regular gspawn"); |
| } |
| else |
| { |
| g_trace_mark (G_TRACE_CURRENT_TIME, 0, |
| "GLib", "fork", |
| "posix_spawn avoided %s%s%s%s%s", |
| !intermediate_child ? "" : "(automatic reaping requested) ", |
| working_directory == NULL ? "" : "(workdir specified) ", |
| !close_descriptors ? "" : "(fd close requested) ", |
| !search_path_from_envp ? "" : "(using envp for search path) ", |
| child_setup == NULL ? "" : "(child_setup specified) "); |
| } |
| #endif /* POSIX_SPAWN_AVAILABLE */ |
| |
| /* Choose a search path. This has to be done before calling fork() |
| * as getenv() isn’t async-signal-safe (see `man 7 signal-safety`). */ |
| chosen_search_path = NULL; |
| if (search_path_from_envp) |
| chosen_search_path = g_environ_getenv ((gchar **) envp, "PATH"); |
| if (search_path && chosen_search_path == NULL) |
| chosen_search_path = g_getenv ("PATH"); |
| |
| if ((search_path || search_path_from_envp) && chosen_search_path == NULL) |
| { |
| /* There is no 'PATH' in the environment. The default |
| * * search path in libc is the current directory followed by |
| * * the path 'confstr' returns for '_CS_PATH'. |
| * */ |
| |
| /* In GLib we put . last, for security, and don't use the |
| * * unportable confstr(); UNIX98 does not actually specify |
| * * what to search if PATH is unset. POSIX may, dunno. |
| * */ |
| |
| chosen_search_path = "/bin:/usr/bin:."; |
| } |
| |
| if (search_path || search_path_from_envp) |
| g_assert (chosen_search_path != NULL); |
| else |
| g_assert (chosen_search_path == NULL); |
| |
| /* Allocate a buffer which the fork()ed child can use to assemble potential |
| * paths for the binary to exec(), combining the argv[0] and elements from |
| * the chosen_search_path. This can’t be done in the child because malloc() |
| * (or alloca()) are not async-signal-safe (see `man 7 signal-safety`). |
| * |
| * Add 2 for the nul terminator and a leading `/`. */ |
| if (chosen_search_path != NULL) |
| { |
| search_path_buffer_len = strlen (chosen_search_path) + strlen (argv[0]) + 2; |
| if (search_path_buffer_len < 4000) |
| { |
| /* Prefer small stack allocations to avoid valgrind leak warnings |
| * in forked child. The 4000B cutoff is arbitrary. */ |
| search_path_buffer = g_alloca (search_path_buffer_len); |
| } |
| else |
| { |
| search_path_buffer_heap = g_malloc (search_path_buffer_len); |
| search_path_buffer = search_path_buffer_heap; |
| } |
| } |
| |
| if (search_path || search_path_from_envp) |
| g_assert (search_path_buffer != NULL); |
| else |
| g_assert (search_path_buffer == NULL); |
| |
| /* And allocate a buffer which is 2 elements longer than @argv, so that if |
| * script_execute() has to be called later on, it can build a wrapper argv |
| * array in this buffer. */ |
| argv_buffer_len = g_strv_length ((gchar **) argv) + 2; |
| if (argv_buffer_len < 4000 / sizeof (gchar *)) |
| { |
| /* Prefer small stack allocations to avoid valgrind leak warnings |
| * in forked child. The 4000B cutoff is arbitrary. */ |
| argv_buffer = g_newa (gchar *, argv_buffer_len); |
| } |
| else |
| { |
| argv_buffer_heap = g_new (gchar *, argv_buffer_len); |
| argv_buffer = argv_buffer_heap; |
| } |
| |
| /* And one to hold a copy of @source_fds for later manipulation in do_exec(). */ |
| source_fds_copy = g_new (int, n_fds); |
| if (n_fds > 0) |
| memcpy (source_fds_copy, source_fds, sizeof (*source_fds) * n_fds); |
| |
| if (!g_unix_pipe_open (&child_err_report_pipe, pipe_flags, error)) |
| goto cleanup_and_fail; |
| if (source_fds_collide_with_pipe (&child_err_report_pipe, source_fds, n_fds, error)) |
| goto cleanup_and_fail; |
| |
| if (intermediate_child) |
| { |
| if (!g_unix_pipe_open (&child_pid_report_pipe, pipe_flags, error)) |
| goto cleanup_and_fail; |
| if (source_fds_collide_with_pipe (&child_pid_report_pipe, source_fds, n_fds, error)) |
| goto cleanup_and_fail; |
| } |
| |
| pid = fork (); |
| |
| if (pid < 0) |
| { |
| int errsv = errno; |
| |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_FORK, |
| _("Failed to fork (%s)"), |
| g_strerror (errsv)); |
| |
| goto cleanup_and_fail; |
| } |
| else if (pid == 0) |
| { |
| /* Immediate child. This may or may not be the child that |
| * actually execs the new process. |
| */ |
| |
| /* Reset some signal handlers that we may use */ |
| signal (SIGCHLD, SIG_DFL); |
| signal (SIGINT, SIG_DFL); |
| signal (SIGTERM, SIG_DFL); |
| signal (SIGHUP, SIG_DFL); |
| |
| /* Be sure we crash if the parent exits |
| * and we write to the err_report_pipe |
| */ |
| signal (SIGPIPE, SIG_DFL); |
| |
| /* Close the parent's end of the pipes; |
| * not needed in the close_descriptors case, |
| * though |
| */ |
| g_unix_pipe_close (&child_err_report_pipe, G_UNIX_PIPE_END_READ, NULL); |
| g_unix_pipe_close (&child_pid_report_pipe, G_UNIX_PIPE_END_READ, NULL); |
| if (child_close_fds[0] != -1) |
| { |
| int i = -1; |
| while (child_close_fds[++i] != -1) |
| g_clear_fd (&child_close_fds[i], NULL); |
| } |
| |
| if (intermediate_child) |
| { |
| /* We need to fork an intermediate child that launches the |
| * final child. The purpose of the intermediate child |
| * is to exit, so we can waitpid() it immediately. |
| * Then the grandchild will not become a zombie. |
| */ |
| GPid grandchild_pid; |
| |
| grandchild_pid = fork (); |
| |
| if (grandchild_pid < 0) |
| { |
| /* report -1 as child PID */ |
| write_all (g_unix_pipe_get (&child_pid_report_pipe, G_UNIX_PIPE_END_WRITE), |
| &grandchild_pid, sizeof(grandchild_pid)); |
| |
| write_err_and_exit (g_unix_pipe_get (&child_err_report_pipe, G_UNIX_PIPE_END_WRITE), |
| CHILD_FORK_FAILED); |
| } |
| else if (grandchild_pid == 0) |
| { |
| g_unix_pipe_close (&child_pid_report_pipe, G_UNIX_PIPE_END_WRITE, NULL); |
| do_exec (g_unix_pipe_get (&child_err_report_pipe, G_UNIX_PIPE_END_WRITE), |
| stdin_fd, |
| stdout_fd, |
| stderr_fd, |
| source_fds_copy, |
| target_fds, |
| n_fds, |
| working_directory, |
| argv, |
| argv_buffer, |
| argv_buffer_len, |
| envp, |
| close_descriptors, |
| chosen_search_path, |
| search_path_buffer, |
| search_path_buffer_len, |
| stdout_to_null, |
| stderr_to_null, |
| child_inherits_stdin, |
| file_and_argv_zero, |
| child_setup, |
| user_data); |
| } |
| else |
| { |
| write_all (g_unix_pipe_get (&child_pid_report_pipe, G_UNIX_PIPE_END_WRITE), |
| &grandchild_pid, sizeof(grandchild_pid)); |
| g_unix_pipe_close (&child_pid_report_pipe, G_UNIX_PIPE_END_WRITE, NULL); |
| |
| _exit (0); |
| } |
| } |
| else |
| { |
| /* Just run the child. |
| */ |
| |
| do_exec (g_unix_pipe_get (&child_err_report_pipe, G_UNIX_PIPE_END_WRITE), |
| stdin_fd, |
| stdout_fd, |
| stderr_fd, |
| source_fds_copy, |
| target_fds, |
| n_fds, |
| working_directory, |
| argv, |
| argv_buffer, |
| argv_buffer_len, |
| envp, |
| close_descriptors, |
| chosen_search_path, |
| search_path_buffer, |
| search_path_buffer_len, |
| stdout_to_null, |
| stderr_to_null, |
| child_inherits_stdin, |
| file_and_argv_zero, |
| child_setup, |
| user_data); |
| } |
| } |
| else |
| { |
| /* Parent */ |
| |
| gint buf[2]; |
| gint n_ints = 0; |
| |
| /* Close the uncared-about ends of the pipes */ |
| g_unix_pipe_close (&child_err_report_pipe, G_UNIX_PIPE_END_WRITE, NULL); |
| g_unix_pipe_close (&child_pid_report_pipe, G_UNIX_PIPE_END_WRITE, NULL); |
| |
| /* If we had an intermediate child, reap it */ |
| if (intermediate_child) |
| { |
| wait_again: |
| if (waitpid (pid, &status, 0) < 0) |
| { |
| if (errno == EINTR) |
| goto wait_again; |
| else if (errno == ECHILD) |
| ; /* do nothing, child already reaped */ |
| else |
| g_warning ("waitpid() should not fail in 'fork_exec'"); |
| } |
| } |
| |
| |
| if (!read_ints (g_unix_pipe_get (&child_err_report_pipe, G_UNIX_PIPE_END_READ), |
| buf, 2, &n_ints, |
| error)) |
| goto cleanup_and_fail; |
| |
| if (n_ints >= 2) |
| { |
| /* Error from the child. */ |
| |
| switch (buf[0]) |
| { |
| case CHILD_CHDIR_FAILED: |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_CHDIR, |
| _("Failed to change to directory “%s” (%s)"), |
| working_directory, |
| g_strerror (buf[1])); |
| |
| break; |
| |
| case CHILD_EXEC_FAILED: |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| _g_spawn_exec_err_to_g_error (buf[1]), |
| _("Failed to execute child process “%s” (%s)"), |
| argv[0], |
| g_strerror (buf[1])); |
| |
| break; |
| |
| case CHILD_OPEN_FAILED: |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_FAILED, |
| _("Failed to open file to remap file descriptor (%s)"), |
| g_strerror (buf[1])); |
| break; |
| |
| case CHILD_DUPFD_FAILED: |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_FAILED, |
| _("Failed to duplicate file descriptor for child process (%s)"), |
| g_strerror (buf[1])); |
| |
| break; |
| |
| case CHILD_FORK_FAILED: |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_FORK, |
| _("Failed to fork child process (%s)"), |
| g_strerror (buf[1])); |
| break; |
| |
| case CHILD_CLOSE_FAILED: |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_FAILED, |
| _("Failed to close file descriptor for child process (%s)"), |
| g_strerror (buf[1])); |
| break; |
| |
| default: |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_FAILED, |
| _("Unknown error executing child process “%s”"), |
| argv[0]); |
| break; |
| } |
| |
| goto cleanup_and_fail; |
| } |
| |
| /* Get child pid from intermediate child pipe. */ |
| if (intermediate_child) |
| { |
| n_ints = 0; |
| |
| if (!read_ints (g_unix_pipe_get (&child_pid_report_pipe, G_UNIX_PIPE_END_READ), |
| buf, 1, &n_ints, error)) |
| goto cleanup_and_fail; |
| |
| if (n_ints < 1) |
| { |
| int errsv = errno; |
| |
| g_set_error (error, |
| G_SPAWN_ERROR, |
| G_SPAWN_ERROR_FAILED, |
| _("Failed to read enough data from child pid pipe (%s)"), |
| g_strerror (errsv)); |
| goto cleanup_and_fail; |
| } |
| else |
| { |
| /* we have the child pid */ |
| pid = buf[0]; |
| } |
| } |
| |
| /* Success against all odds! return the information */ |
| g_unix_pipe_close (&child_err_report_pipe, G_UNIX_PIPE_END_READ, NULL); |
| g_unix_pipe_close (&child_pid_report_pipe, G_UNIX_PIPE_END_READ, NULL); |
| |
| g_free (search_path_buffer_heap); |
| g_free (argv_buffer_heap); |
| g_free (source_fds_copy); |
| |
| if (child_pid) |
| *child_pid = pid; |
| |
| goto success; |
| } |
| |
| success: |
| /* Close the uncared-about ends of the pipes */ |
| g_unix_pipe_close (&stdin_pipe, G_UNIX_PIPE_END_READ, NULL); |
| g_unix_pipe_close (&stdout_pipe, G_UNIX_PIPE_END_WRITE, NULL); |
| g_unix_pipe_close (&stderr_pipe, G_UNIX_PIPE_END_WRITE, NULL); |
| |
| if (stdin_pipe_out != NULL) |
| *stdin_pipe_out = g_unix_pipe_steal (&stdin_pipe, G_UNIX_PIPE_END_WRITE); |
| |
| if (stdout_pipe_out != NULL) |
| *stdout_pipe_out = g_unix_pipe_steal (&stdout_pipe, G_UNIX_PIPE_END_READ); |
| |
| if (stderr_pipe_out != NULL) |
| *stderr_pipe_out = g_unix_pipe_steal (&stderr_pipe, G_UNIX_PIPE_END_READ); |
| |
| return TRUE; |
| |
| cleanup_and_fail: |
| |
| /* There was an error from the Child, reap the child to avoid it being |
| a zombie. |
| */ |
| |
| if (pid > 0) |
| { |
| wait_failed: |
| if (waitpid (pid, NULL, 0) < 0) |
| { |
| if (errno == EINTR) |
| goto wait_failed; |
| else if (errno == ECHILD) |
| ; /* do nothing, child already reaped */ |
| else |
| g_warning ("waitpid() should not fail in 'fork_exec'"); |
| } |
| } |
| |
| g_unix_pipe_clear (&stdin_pipe); |
| g_unix_pipe_clear (&stdout_pipe); |
| g_unix_pipe_clear (&stderr_pipe); |
| g_unix_pipe_clear (&child_err_report_pipe); |
| g_unix_pipe_clear (&child_pid_report_pipe); |
| |
| g_clear_pointer (&search_path_buffer_heap, g_free); |
| g_clear_pointer (&argv_buffer_heap, g_free); |
| g_clear_pointer (&source_fds_copy, g_free); |
| |
| return FALSE; |
| } |
| |
| /* Based on execvp from GNU C Library */ |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)) until it calls exec(). */ |
| static gboolean |
| script_execute (const gchar *file, |
| gchar **argv, |
| gchar **argv_buffer, |
| gsize argv_buffer_len, |
| gchar **envp) |
| { |
| /* Count the arguments. */ |
| gsize argc = 0; |
| while (argv[argc]) |
| ++argc; |
| |
| /* Construct an argument list for the shell. */ |
| if (argc + 2 > argv_buffer_len) |
| return FALSE; |
| |
| argv_buffer[0] = (char *) "/bin/sh"; |
| argv_buffer[1] = (char *) file; |
| while (argc > 0) |
| { |
| argv_buffer[argc + 1] = argv[argc]; |
| --argc; |
| } |
| |
| /* Execute the shell. */ |
| if (envp) |
| execve (argv_buffer[0], argv_buffer, envp); |
| else |
| execv (argv_buffer[0], argv_buffer); |
| |
| return TRUE; |
| } |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)). */ |
| static gchar* |
| my_strchrnul (const gchar *str, gchar c) |
| { |
| gchar *p = (gchar*) str; |
| while (*p && (*p != c)) |
| ++p; |
| |
| return p; |
| } |
| |
| /* This function is called between fork() and exec() and hence must be |
| * async-signal-safe (see signal-safety(7)) until it calls exec(). */ |
| static gint |
| g_execute (const gchar *file, |
| gchar **argv, |
| gchar **argv_buffer, |
| gsize argv_buffer_len, |
| gchar **envp, |
| const gchar *search_path, |
| gchar *search_path_buffer, |
| gsize search_path_buffer_len) |
| { |
| if (file == NULL || *file == '\0') |
| { |
| /* We check the simple case first. */ |
| errno = ENOENT; |
| return -1; |
| } |
| |
| if (search_path == NULL || strchr (file, '/') != NULL) |
| { |
| /* Don't search when it contains a slash. */ |
| if (envp) |
| execve (file, argv, envp); |
| else |
| execv (file, argv); |
| |
| if (errno == ENOEXEC && |
| !script_execute (file, argv, argv_buffer, argv_buffer_len, envp)) |
| { |
| errno = ENOMEM; |
| return -1; |
| } |
| } |
| else |
| { |
| gboolean got_eacces = 0; |
| const gchar *path, *p; |
| gchar *name; |
| gsize len; |
| gsize pathlen; |
| |
| path = search_path; |
| len = strlen (file) + 1; |
| pathlen = strlen (path); |
| name = search_path_buffer; |
| |
| if (search_path_buffer_len < pathlen + len + 1) |
| { |
| errno = ENOMEM; |
| return -1; |
| } |
| |
| /* Copy the file name at the top, including '\0' */ |
| memcpy (name + pathlen + 1, file, len); |
| name = name + pathlen; |
| /* And add the slash before the filename */ |
| *name = '/'; |
| |
| p = path; |
| do |
| { |
| char *startp; |
| |
| path = p; |
| p = my_strchrnul (path, ':'); |
| |
| if (p == path) |
| /* Two adjacent colons, or a colon at the beginning or the end |
| * of 'PATH' means to search the current directory. |
| */ |
| startp = name + 1; |
| else |
| startp = memcpy (name - (p - path), path, p - path); |
| |
| /* Try to execute this name. If it works, execv will not return. */ |
| if (envp) |
| execve (startp, argv, envp); |
| else |
| execv (startp, argv); |
| |
| if (errno == ENOEXEC && |
| !script_execute (startp, argv, argv_buffer, argv_buffer_len, envp)) |
| { |
| errno = ENOMEM; |
| return -1; |
| } |
| |
| switch (errno) |
| { |
| case EACCES: |
| /* Record the we got a 'Permission denied' error. If we end |
| * up finding no executable we can use, we want to diagnose |
| * that we did find one but were denied access. |
| */ |
| got_eacces = TRUE; |
| |
| G_GNUC_FALLTHROUGH; |
| case ENOENT: |
| #ifdef ESTALE |
| case ESTALE: |
| #endif |
| #ifdef ENOTDIR |
| case ENOTDIR: |
| #endif |
| /* Those errors indicate the file is missing or not executable |
| * by us, in which case we want to just try the next path |
| * directory. |
| */ |
| break; |
| |
| case ENODEV: |
| case ETIMEDOUT: |
| /* Some strange filesystems like AFS return even |
| * stranger error numbers. They cannot reasonably mean anything |
| * else so ignore those, too. |
| */ |
| break; |
| |
| default: |
| /* Some other error means we found an executable file, but |
| * something went wrong executing it; return the error to our |
| * caller. |
| */ |
| return -1; |
| } |
| } |
| while (*p++ != '\0'); |
| |
| /* We tried every element and none of them worked. */ |
| if (got_eacces) |
| /* At least one failure was due to permissions, so report that |
| * error. |
| */ |
| errno = EACCES; |
| } |
| |
| /* Return the error from the last attempt (probably ENOENT). */ |
| return -1; |
| } |
| |
| /** |
| * g_spawn_close_pid: |
| * @pid: The process reference to close |
| * |
| * On some platforms, notably Windows, the #GPid type represents a resource |
| * which must be closed to prevent resource leaking. g_spawn_close_pid() |
| * is provided for this purpose. It should be used on all platforms, even |
| * though it doesn't do anything under UNIX. |
| **/ |
| void |
| g_spawn_close_pid (GPid pid) |
| { |
| } |